The strengths of the IT general controls collectively provide an appropriate foundation for maintaining the integrity of information, the security of data, and the efficient operation of application controls. Weaknesses in IT general controls increase the risk of material misstatement at the financial statement level and undermine the effectiveness of specific IT application controls.
For each of the following four IT control risks, describe one control that an organization could have in place to reduce the risk of material misstatement, and explain specifically how the risk is reduced.
a. No policies/procedures exist to ensure effective IT management or IT staff supervision.
b. No alignment exists between business objectives, risks, and IT plans.
c. Reliance is placed on systems/programs that are inaccurately processing data or processing inaccurate data.
d. Unauthorized access to data makes it possible for destruction of data, improper changes, unauthorized or non-existent transactions, or inaccurate recording of transactions.